A few days ago, Anonymous activists hacked into AAPT, stole 40GB of data including customer information and forced offline ten Australian government websites.
Anonymous members stated in an online internet relay chat (IRC) interview with the ABC that the hacking attacks were part of an ongoing campaign against the government’s proposed changes to privacy laws.
One of the proposed changes being discussed by the Parliamentary Joint Committee on Intelligence and Security (PJCIS) in an inquiry into potential reforms of national security legislation is a requirement for internet service providers (ISPs) to store user online activity for two years.
This means that everything you do, from social networking, emails, web browsing, chat sessions, Skype sessions and so on would be monitored, stored and made available to government intelligence agencies as and when needed.
Last week, it was reported on the website Slashdot that Microsoft had made Skype easier to monitor. Lauren Weinstein, co-founder of People for Internet Responsibility, a privacy advocacy group, was quoted in The Washington Post as saying:
The issue is, to what extent are our communications being purpose-built to make surveillance easy?
When you make it easy to do, law enforcement is going to want to use it more and more. If you build it, they will come.
During the ABC IRQ interview, Anonymous representatives made the following statement against increased government surveillance of the online world:
Whilst our own rights to privacy dwindle, corporate rights to commercial confidentiality and intellectual property skyrocket. Whilst we no longer know about many of the activities of our governments, our governments have the means to accumulate unprecedented vast banks of data about us […]
The attacks are a way to draw attention to the msg we wish to deliver to the ppl of au.
The hacking attacks by Anonymous on government websites and AAPT were designed to highlight to the Australian public the difficulty of keeping stored data private. By carrying out hacking attacks and then making public pronouncements Anonymous hopes to convince Australians not to support changes to the current privacy laws.
Data retention policies vary around the world. The European Union has had a data retention directive since 2006 that specifies types of data that are to be retained for periods of between six months and two years.
In recent weeks, the United Kingdom government has begun debating a draft Communications Data Bill that includes compulsory data retention for a wide range of information, such as websites visited, for a period of one year.
So why are governments around the world increasing internet surveillance? Four reasons spring to mind:
1) Terrorism. The threat of terrorists using the internet to plan, support and carry out terrorist acts has prompted the Attorney-General’s Department to discuss the need to increase the powers of organisations such as the Australian Security Intelligence Organisation (ASIO), the Australian Secret Intelligence Service (ASIS) and the Defence Signals Directorate (DSD).
2) Cyber warfare. On July 19, in the first public address by a head of ASIS, Nick Warner, identified cyber warfare as a major threat:
The field of cyber operations is one of the most rapidly evolving and potentially serious threats to our national security in the coming decade.
Government departments and agencies, together with corporate Australia, have been subject to concerted efforts by external actors seeking to infiltrate sensitive computer networks.
Developments in cyber are a two-edged sword for an agency like ASIS.
They offer new ways of collecting information, but the digital fingerprints and footprints which we all now leave behind complicate the task of operating covertly.
3) Cybercrime. Criminals use the internet for their everyday activities much as any modern business does. In 2011 Symantec, a provider of internet security software, estimated the cost of cybercrime to Australians had reached about A$4.6 billion annually.
4) Hacking. Copyright and intellectual property theft over the internet has become endemic. Much of the hacking remains unreported and business has become decidedly worried about the effects of competitors gaining access to intellectual property.
Governments around the world are slowly regulating the internet. Failure to do so will come at an unbearable cost to the nation, business and to individuals.
There is nothing Anonymous can do to stop this inevitable process – so why can’t they get on board? The group could highlight weaknesses in the internet, websites and business systems so that appropriate action can be taken.
To put it simply, there’s no need for Anonymous to steal data from a company and then post this data on a public website. This action is counterproductive and strengthens the government’s argument for greater regulation.
But the point Anonymous is trying to make, that Australian companies and the government cannot be trusted to securely implement a data retention scheme, is probably very true.
In the past two years, many large Australian companies have been hacked and customer information stolen including credit card details. The penalties to companies for a data breach are minor and therefore very little effort is expended by business to adequately protect customer information.
Governments around the world are stumbling forward with data retention policies without adequate plans for how the data is to be secured, how the data retention process is to be audited and by whom, and what the penalties will be for failure to ensure the data remains secure.
We are in a new phase online where the blind are leading the blind, trying to find a path towards a more secure and regulated internet that enshrines our right to privacy.